
Showing posts with label DATA PROTECTION. Show all posts

Friday, December 21, 2012

Need of Encryption : Your files - Your Data


1.   In today's times, when every spying eye and every hacker on the web is eyeing your info, apart from hardening your OS and configuring your system securely, what else can you do to secure your info after someone gate-crashes into your system? I mean, after someone gets your root privileges via remote access, what are the options to save yourself from sharing your critical data with him? The answer is ENCRYPTION.

2.   Encryption is the process of encoding your information in such a way that hackers cannot read it, but authorized parties can. So, without getting into the nitty-gritty of what encryption is and how it works, I am focusing here on which open-source and free applications are available for encryption.

3.   First I would mention TrueCrypt; this is the one I have been using for years. The reliability of this application can be gauged from the fact that in 2008 the FBI attempted to break the encryption on hard drives protected with a program called TrueCrypt, but the equipment was finally returned after a year of failed tries. (Source: http://www.webcitation.org/query?url=g1.globo.com/English/noticia/2010/06/not-even-fbi-can-de-crypt-files-daniel-dantas.html)

4.   The other strong open-source software available for encryption:

    - E4M (Encryption for the Masses)
    - FreeOTFE
    - Scramdisk

5.   TrueCrypt remains the best bet for all present users. Its popularity can be gauged from another fact: it is being used by cyber criminals too!!

Wednesday, July 04, 2012

Cloud Computing : A dummies over view!!!! - 1


1.   Cloud computing is ALREADY the next stage in the evolution of the Internet. The cloud in cloud computing provides the means through which everything, from computing power to computing infrastructure, applications, business processes to personal collaboration, can be delivered to you as a service wherever and whenever you need. Cloud computing is offered in different forms:

- Public clouds
- Private clouds
- Hybrid clouds, which combine both public and private

2.   In general the cloud is similar to a fluid that can easily expand and contract. This elasticity means that users can request additional resources on demand and just as easily deprovision (or release) those resources when they’re no longer needed. This elasticity is one of the main reasons individual, business, and IT users are steadily moving to the cloud. In the traditional data center it has always been possible to add and release resources, but we all know how much effort that generally takes.

3.   This doesn’t mean that all applications, services, and processes will necessarily be moved to the cloud. Many businesses are much more cautious and are taking a hard look at their most strategic business processes and intellectual property to determine which computing assets need to remain under internal company control and which computing assets could be moved to the cloud.

4.   The cloud itself is a set of hardware, networks, storage, services, and interfaces that enable the delivery of computing as a service. Cloud services include the following :

- IaaS (Infrastructure as a Service) : Infrastructure as a Service is a provision model in which an organization outsources the equipment used to support operations, including storage, hardware, servers and networking components. The service provider owns the equipment and is responsible for housing, running and maintaining it. The client typically pays on a per-use basis.

- PaaS (Platform as a Service) : Platform as a Service (PaaS) is a way to rent hardware, operating systems, storage and network capacity over the Internet. The service delivery model allows the customer to rent virtualized servers and associated services for running existing applications or developing and testing new ones.

- SaaS (Software as a Service) : Software as a Service (SaaS) is a software distribution model in which applications are hosted by a vendor or service provider and made available to customers over a network, typically the Internet.


6.   Now that goes as the most simple introduction for a cloud computing overview. The main part starts now: how about the security aspects for each of these? That will be covered in slightly more detail in subsequent posts.

Tuesday, January 19, 2010

Google vs Bing : On Data retention policy change

1. Ever wondered about the privacy policy of search engines, specifically Google and Bing? I came to know of this recently when I read http://www.bing.com/community/blogs/search/archive/2010/01/19/updates-to-bing-privacy.aspx on the subject.

2. In the case of Bing, the amount of time IP addresses from searchers are stored is 18 months, which they now claim to reduce to 6 months. Generally, when Bing receives search data, the following actions are taken:

First, steps to separate the account information (such as email or phone number) from other information (what the query was, for example).

Secondly, after 18 months, an additional step of deleting the IP address and any other cross-session IDs associated with the query.

3. Under the new policy, all the steps will continue as they were applied previously, except that now the IP address will be completely removed at 6 months instead of 18 months. Rival Google had cut retention time to 9 months from 18 in August 2008. Notwithstanding, Microsoft executives claim their initiative goes much further than Google's, because Microsoft intends to delete all parts of the IP (Internet Protocol) address after six months, while Google still retains part of the address after its self-imposed nine-month cut-off point.
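
The two retention schemes compared above, sketched as an added example (not code from Bing, Google or the original post). The record layout, the 30-day month and the choice to zero the last IPv4 octet for the "part of the address" case are assumptions; the post does not say which part is kept.

```python
from datetime import date, timedelta
import ipaddress

MONTH = timedelta(days=30)  # assumption: a month is approximated as 30 days

def split_account(record):
    """Step 1 from the post: separate account info from the query data."""
    account = {k: record[k] for k in ("email", "phone") if k in record}
    query = {k: v for k, v in record.items() if k not in ("email", "phone")}
    return account, query

def full_removal(query, today, months=6):
    """Scheme described for Bing: at the cut-off, delete the IP address and
    any cross-session IDs associated with the query."""
    out = dict(query)
    if today - out["received"] >= months * MONTH:
        out.pop("ip", None)
        out.pop("session_id", None)
    return out

def partial_removal(query, today, months=9):
    """Scheme described for Google: part of the address survives the cut-off.
    Assumption: IPv4 only, last octet zeroed (the post gives no detail)."""
    out = dict(query)
    if today - out["received"] >= months * MONTH and "ip" in out:
        net = ipaddress.ip_network(out["ip"] + "/24", strict=False)
        out["ip"] = str(net.network_address)
    return out

# Constructed sample record (documentation-range IP, made-up identifiers).
SAMPLE = {"email": "user@example.com", "query": "flight tickets",
          "ip": "203.0.113.77", "session_id": "s-001",
          "received": date(2009, 1, 1)}

def demo(today):
    """Return (account part, record under full removal, under partial removal)."""
    account, query = split_account(SAMPLE)
    return account, full_removal(query, today), partial_removal(query, today)

if __name__ == "__main__":
    for day in (date(2009, 3, 1), date(2009, 8, 1), date(2009, 12, 1)):
        print(day, demo(day)[1:])
```

Under the partial scheme the stored record still narrows the searcher down to a block of 256 addresses, which is the gap the Microsoft claim points at.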

Friday, June 26, 2009

Are you secure at your friendly neighbourhood CYBER CAFE ?

1. This one comes after I have read a wonderful article in the DIGIT Carnival issue Jun 09 on cyber café security. This article covered how a few cyber cafes with malicious intentions can play with crucial, critical and confidential information of the user who might have accessed his e-mail accounts, booked a flight ticket with his credit card, or done some personal work on the cyber cafe’s PC. In the following paragraphs I would just go over the preventive measures in brief as outlined in that article. Genuine Informative CREAMY INFO THAT IS!!!!!!!!

2. PORTABLE WEB BROWSER : A portable web browser, as the name suggests, allows you to take bookmarks and passwords with you while not writing any information on the host computer. This allows you to bypass key loggers, which log everything you type into a separate file unknown to the user. So this feature of the portable browser lets you access your accounts without typing, thus preventing your crucial info from leaking. But at the same time you have to be aware that the PENDRIVE would be equal to your most precious thing in life, so don’t ever lose it. Mozilla and Opera have these free software packages ready for download at the click of a button, and Chrome is still working on it!!!!!

3. Another thing about the key logger software available in the market: yes, it includes the OPEN SOURCE TYPE ALSO, so the user is all the more vulnerable to becoming a quarry. A key logger can be of two types:

a. Hardware Type – By using a small chip in the keyboard, which makes bypassing impossible. As shown in the figure below, we see a normal CPU rear from the back and another PC with the malicious chip placed in between the cable.

b. Software Type – Can be activated with the help of a Trojan or with the help of a simple installation.

4. A software-based key logger can either keep a record of what is being typed or take periodic screenshots while the user is using the PC. All this is sent to a remote server without the knowledge of the poor user. Isn't that something!!!!!!!!!!

5. VIRTUAL KEYBOARD : Although the endeavor of the cyber cafe PC user should be to ensure that in no circumstance credit card details are typed, if there is really no other choice, then a virtual keyboard should be used. This is available at Start > Accessories > On Screen Keyboard. Although there are ways and means to break even this, there would never be a guarantee of any sort. After all, YOU ARE ON THE WEB, my friend; everything is accessible.

6. I would like to mention one more thing here: VIRTUAL KEYBOARDS/ON SCREEN KEYBOARDS are not a guarantee for ensuring safety. There are key loggers which are even configured to log only details from on-screen keyboards. There is a solution to this also, and that is OBFUSCATION.

7. OBFUSCATION : This basically makes key loggers log a certain combination of keys while you key in a different combination. There are some programs that are targeted at different obfuscation algorithms and thus bypass typing in the actual thing. Obfuscation, the deliberate hiding of the software's behavior, is used by malware authors as well as legitimate software developers. They both use code obfuscation techniques to keep curious souls from understanding how their software works and what it is doing to the computer on which it runs. A complex thing in itself, but who needs to know that; eat the mango and don't worry about the stone!!!!!!!!!!! How to use it? Please BING or Google.

8. Another important thing to be ensured is to protect your USB drive from viruses. The first thing to do when you plug your USB drive into a public computer is to identify and disable malicious processes that are running. Process Explorer is a good utility for doing this. It is like Windows Task Manager but with a few more good options to work with. A screenshot from my laptop is shown below.

9. Securely deleting data : Last but not least, use good software that ensures that no trace of activity is left behind on the used computer. I recommend using ERASER and Free Commander, tried and tested.

